a37e779872fde8c6fd32bdd98e6ea05ace86b06c5a481b9268905bee4dd52c05

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 17:57

Target

4ac77247b24229e9f5b426bf1a732342_JaffaCakes118.dll
Size

73KB
MD5

4ac77247b24229e9f5b426bf1a732342
SHA1

9709876a01eccb57bcf1346b8265b3dceeb575fb
SHA256

a37e779872fde8c6fd32bdd98e6ea05ace86b06c5a481b9268905bee4dd52c05
SHA512

676e8d88bfcfcd0d48e55a3361ed29edef43b7a408795349d871870203887f84c77b9e098adc48e088faeda2254d7be0555788620593c59932b3791e466f3810
SSDEEP

1536:Sjjl3nwzSuOqBubw/WgT6zMKAOK2lCWcQajhRuv:C5UOq0ukgOK2l7aFQv

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 736 wrote to memory of 2988	736	rundll32.exe	83
PID 736 wrote to memory of 2988	736	rundll32.exe	83
PID 736 wrote to memory of 2988	736	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4ac77247b24229e9f5b426bf1a732342_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:736
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4ac77247b24229e9f5b426bf1a732342_JaffaCakes118.dll,#1
  2⤵
  PID:2988